If you are concerned about wireless LAN (WLAN) security, you should become familiar with 802.1X. This is the view of Graham Vorster, chief technology officer at Duxbury Networking.
He outlines the benefits - and some pitfalls - of this new IEEE WLAN standard.
The focus on network security is unrelenting in the face of hacker, denial of service and many other attacks that are regularly reported by the largest network users.
The new 802.1X standard goes some way towards protecting one of the most vulnerable network platforms - the wireless LAN (WLAN).
It does this essentially by providing a framework for Ethernet switches, WiFi access points, and other layer 2 bridges to strictly control access to LAN ports and attached networks.
In enterprise WLANs, 802.1X is the keystone that supports even more robust airlink security measures of the future.
For those anticipating 802.1X deployment, recent news is both good and bad. Late last year (2002), broader product support emerged for 802.1X. Unfortunately, new vulnerabilities have also been identified.
802.1X: The basics
From a technological perspective, the 802.1X framework allows a "supplicant" (software running on an Ethernet or WiFi station) to request access from an "authenticator" (a switch or access point).
The AP sends the station's identity to an authentication server in a RADIUS Access Request. Communicating through the AP, the RADIUS server and station negotiate and carry out authentication until the server accepts or rejects the Access Request.
Only accepted stations are permitted to send data through the AP to the attached network (and vice versa). These authentication messages are carried by the Extensible Authentication Protocol (EAP).
The 802.1X standard describes how to send and receive EAP over IEEE 802 LANs (EAPoL).
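The supplicant/authenticator/authentication-server split described above can be modelled in a few dozen lines. The following is an added example, not code from the article or from Duxbury Networking: a toy authenticator that relays only EAPoL frames on its uncontrolled port, forwards the identity to a stand-in for the RADIUS server, and opens the controlled port for the station's MAC address only after an Access-Accept. The challenge/response method (HMAC-SHA256 over a random challenge) is a constructed stand-in, not a standardised EAP method, and all MAC addresses and credentials are constructed sample values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

EAPOL_ETHERTYPE = 0x888E   # EAP over LAN, the 802.1X frame type
IPV4_ETHERTYPE = 0x0800    # ordinary data traffic


@dataclass
class Frame:
    src_mac: str
    ethertype: int
    payload: bytes


class AuthServer:
    """Stand-in for the RADIUS server: holds each identity's secret and
    answers Access-Request with a challenge, then Accept or Reject.
    The HMAC challenge/response is a toy method, not a real EAP type."""

    def __init__(self, credentials):
        self.credentials = credentials   # identity -> secret bytes
        self.pending = {}                # identity -> outstanding challenge

    def challenge(self, identity):
        if identity not in self.credentials:
            return None                  # unknown identity: Access-Reject
        c = os.urandom(16)
        self.pending[identity] = c
        return c

    def verify(self, identity, response):
        c = self.pending.pop(identity, None)
        if c is None:
            return False
        expected = hmac.new(self.credentials[identity], c, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Supplicant:
    def __init__(self, mac, identity, secret):
        self.mac, self.identity, self.secret = mac, identity, secret

    def answer(self, challenge):
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()


class Authenticator:
    """Access point or switch port. It relays EAP between supplicant and
    server without seeing the secret, and forwards data frames only from
    MAC addresses the server has accepted (the 'controlled port')."""

    def __init__(self, server):
        self.server = server
        self.authorized = set()
        self.forwarded = []              # data frames that reached the LAN

    def authenticate(self, supplicant):
        transcript = ["EAPOL-Start", "EAP-Request/Identity",
                      f"EAP-Response/Identity({supplicant.identity})"]
        challenge = self.server.challenge(supplicant.identity)  # RADIUS Access-Request
        if challenge is None:
            transcript += ["RADIUS Access-Reject", "EAP-Failure"]
            return False, transcript
        transcript.append("EAP-Request/Challenge")
        response = supplicant.answer(challenge)
        transcript.append("EAP-Response")
        if self.server.verify(supplicant.identity, response):
            self.authorized.add(supplicant.mac)
            transcript += ["RADIUS Access-Accept", "EAP-Success"]
            return True, transcript
        transcript += ["RADIUS Access-Reject", "EAP-Failure"]
        return False, transcript

    def handle(self, frame):
        if frame.ethertype == EAPOL_ETHERTYPE:
            return "relayed"             # uncontrolled port: EAPoL always passes
        if frame.src_mac in self.authorized:
            self.forwarded.append(frame)
            return "forwarded"
        return "dropped"                 # controlled port closed for this MAC


def demo():
    """Run one accepted and one rejected station through the port."""
    server = AuthServer({"alice": b"constructed-secret-alice"})
    ap = Authenticator(server)
    alice = Supplicant("00:11:22:33:44:55", "alice", b"constructed-secret-alice")
    mallory = Supplicant("66:77:88:99:aa:bb", "alice", b"wrong-guess")
    data = lambda mac: Frame(mac, IPV4_ETHERTYPE, b"constructed payload")
    results = {"before_auth": ap.handle(data(alice.mac))}
    results["alice_accepted"], _ = ap.authenticate(alice)
    results["after_auth"] = ap.handle(data(alice.mac))
    results["mallory_accepted"], _ = ap.authenticate(mallory)
    results["mallory_data"] = ap.handle(data(mallory.mac))
    results["unknown_accepted"], _ = ap.authenticate(Supplicant("00:00:00:00:00:01", "bob", b"x"))
    return results


if __name__ == "__main__":
    print(demo())
```

Note that the controlled port in this model (as in 802.1X itself) is keyed only on the source address, which is why the article goes on to pair 802.1X with per-station crypto keys: access control at the port is not the same as protecting the frames that follow.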
Deploying 802.1X
To deploy 802.1X, you'll need to select an authentication method to be carried inside this EAPoL envelope. For example:
* EAP-MD5 is functionally similar to CHAP and should only be used over links where eavesdropping is unlikely. Because WLAN sniffing is easy, EAP-MD5 is inappropriate for use over WiFi.
* EAP-TLS uses the Transport Layer Security (TLS) protocol to create an encrypted channel for negotiation and mutual authentication using digital certificates. TLS provides confidentiality and integrity, so using EAP-TLS over WiFi is safe.
The IEEE 802.1X framework standard is complete, but EAP methods remain a hotbed of vendor innovation, Internet draft proposals, and vulnerability analysis.
As a result, it is important to confirm, before using 802.1X, that all stations, APs and RADIUS servers support a common EAP method.
Using 802.1X to deliver 802.11 crypto keys
The IEEE is developing 802.11i MAC security enhancements to the 802.11 base standard. 802.1X plays a crucial role in 802.11i. In addition to controlling BSS access at the AP, 802.1X provides a carrier for delivering crypto keys to authenticated stations.
Dynamic key delivery overcomes an obvious hole in the 802.11 base standard: Without a mechanism for key delivery, the crypto keys used by 802.11 Wired Equivalent Privacy (WEP) must be statically configured into all stations connected to the same AP.
Because stations use these shared keys directly for encryption, every station can decrypt every other station's data.
Considerable traffic gets encrypted with the same key over long periods of time, making the WLAN vulnerable to lost or cracked keys.
802.11i uses 802.1X to deliver session keys from the AP to the station. If encryption keys were simply sent over an unencrypted airlink, security would be compromised. Therefore, 802.1X supplies keying material that the station and AP use to derive encryption keys. Two master keys are delivered to the station:
* A Pairwise Master Key is used to derive base keys that provide confidentiality and integrity for data sent and received between this station and AP only.
* A Group Master Key is used to derive base keys that provide confidentiality and integrity for broadcast frames. All stations share the AP's Group Master Key.
For data encryption, per-packet keys are generated by mixing the base key with the transmitter's MAC address and an initialisation vector in two phases.
With this method, over 500 trillion frames can be sent without reusing the same key.
The 802.11i draft specifies a Temporal Key Integrity Protocol (TKIP) and a Message Integrity Code (MIC) used for encrypting data and detecting forgery.
These techniques are only as secure as the crypto keys they use. This is why it is so important to use 802.1X with an EAP method that provides for secure key delivery.
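The key hierarchy described above (master keys delivered by 802.1X, base keys derived per link, per-packet keys mixed in two phases from the base key, the transmitter's MAC address and an IV, plus a MIC for forgery detection) is illustrated by the following added example. It is not code from the article and not the 802.11i or TKIP algorithms: the mixing function is HMAC-SHA256, the keystream is a SHA-256 counter, the 48-bit IV space is this model's assumption, and all addresses and master keys are constructed sample values.

```python
import hashlib
import hmac
import os


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mix(key: bytes, *parts: bytes) -> bytes:
    """Toy mixing function: HMAC-SHA256 over the concatenated parts.
    Stands in for the TKIP mixing function; not the 802.11i algorithm."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(p)
    return h.digest()


def derive_base_keys(master_key: bytes, ap_mac: str, sta_mac: str):
    """Base encryption key and MIC key for one AP/station link, derived from
    a master key (a per-station PMK for unicast, the shared GMK for broadcast)."""
    enc_key = mix(master_key, b"base-enc", mac_bytes(ap_mac), mac_bytes(sta_mac))[:16]
    mic_key = mix(master_key, b"base-mic", mac_bytes(ap_mac), mac_bytes(sta_mac))[:16]
    return enc_key, mic_key


def per_packet_key(base_key: bytes, tx_mac: str, iv: int) -> bytes:
    """Two-phase per-packet key. Phase 1 binds the base key to the transmitter
    address and the upper IV bits (reusable across 65536 frames); phase 2 folds
    in the low 16 bits so every IV yields a fresh key. 48-bit IV is assumed."""
    if not 0 <= iv < 2 ** 48:
        raise ValueError("IV space exhausted: rekey rather than reuse an IV")
    phase1 = mix(base_key, mac_bytes(tx_mac), (iv >> 16).to_bytes(4, "big"))
    return mix(phase1, (iv & 0xFFFF).to_bytes(2, "big"))[:16]


def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from a per-packet key (illustration only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _mic(mic_key: bytes, tx_mac: str, iv: int, ct: bytes) -> bytes:
    data = mac_bytes(tx_mac) + iv.to_bytes(6, "big") + ct
    return hmac.new(mic_key, data, hashlib.sha256).digest()[:8]


def protect(enc_key, mic_key, tx_mac, iv, plaintext):
    """Encrypt under the per-packet key and append an 8-byte MIC over the
    transmitter address, IV and ciphertext."""
    pk = per_packet_key(enc_key, tx_mac, iv)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(pk, len(plaintext))))
    return ct + _mic(mic_key, tx_mac, iv, ct)


def unprotect(enc_key, mic_key, tx_mac, iv, frame):
    """Return the plaintext, or None when the MIC fails (treat as forgery)."""
    ct, mic = frame[:-8], frame[-8:]
    if not hmac.compare_digest(mic, _mic(mic_key, tx_mac, iv, ct)):
        return None
    pk = per_packet_key(enc_key, tx_mac, iv)
    return bytes(a ^ b for a, b in zip(ct, keystream(pk, len(ct))))


def demo():
    """Show the properties the article relies on, as a dict of booleans."""
    ap, sta_a, sta_b = "00:aa:bb:cc:dd:01", "00:aa:bb:cc:dd:02", "00:aa:bb:cc:dd:03"
    pmk_a, pmk_b = os.urandom(32), os.urandom(32)     # constructed per-station PMKs
    enc_a, mic_a = derive_base_keys(pmk_a, ap, sta_a)
    enc_b, mic_b = derive_base_keys(pmk_b, ap, sta_b)
    frame = protect(enc_a, mic_a, sta_a, 7, b"constructed payload")
    tampered = bytes([frame[0] ^ 0x01]) + frame[1:]   # one ciphertext bit flipped
    return {
        "fresh_key_per_iv": per_packet_key(enc_a, sta_a, 7) != per_packet_key(enc_a, sta_a, 8),
        "fresh_key_per_transmitter": per_packet_key(enc_a, sta_a, 7) != per_packet_key(enc_a, ap, 7),
        "stations_keys_differ": enc_a != enc_b,
        "decrypts_with_right_keys": unprotect(enc_a, mic_a, sta_a, 7, frame) == b"constructed payload",
        "forgery_detected": unprotect(enc_a, mic_a, sta_a, 7, tampered) is None,
        "other_station_cannot_read": unprotect(enc_b, mic_b, sta_a, 7, frame) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the two-phase split is operational as much as cryptographic: phase 1 changes only when the upper IV bits roll over, so a station can cache it, while the cheap phase 2 step still gives every frame its own key. Contrast this with static WEP, where the shared key itself is the per-frame key and every station holding it can read every other station's traffic.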
Without 802.1X
When 802.1X is absent, shared secrets can still be used as master key inputs to the mixing functions. Shared secrets do not provide the same scalable, robust security as dynamic session keys, but they can be a practical alternative in small WLANs that lack 802.1X RADIUS infrastructure.
Unlike shared WEP keys, shared secrets are not used directly for encryption -- this is a significant improvement. However, they must still be kept secret, in much the same way that passwords are guarded.
Despite known risks, 802.1X can provide a WLAN with stronger access control and dynamic key delivery. When used to enable new privacy and integrity measures - such as TKIP and MIC - 802.1X can help build more secure WLANs.
The next step
Identify the network segments and user communities that are at greatest risk, and enable 802.1X there as an option. It might be possible to combine limited deployment with VLAN tags to give 802.1X-enabled WLAN users broader privileges than other users.
The objective is to gain experience to plan for broader deployment, and keep options open for new EAP methods and software/firmware patches.
802.1X is an important weapon to add to the growing WLAN security arsenal.